SQL Command Execution Vulnerability in HP Mercury Quality Center
CVE-2007-1882

Currently unrated

Key Information:

Vendor: HP
Status: Mercury Quality Center
Vendor: CVE Published:; 6 April 2007

Summary

The HP Mercury Quality Center version 9.0 build 9.1.0.4352 contains a vulnerability that permits remote authenticated users to execute arbitrary SQL commands through the RunQuery method of the qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment. This flaw can potentially allow attackers to manipulate the database by injecting unauthorized SQL queries, leading to data exposure or modification.

References

http://secunia.com/advisories/24730

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/34630

vdb-entryx_refsource_OSVDB

http://lists.grok.org.uk/pipermail/full-disclosure/2007-A...

mailing-listx_refsource_FULLDISC

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2007
Vulnerability Reserved
Apr 5, 2007